from datetime import datetime, timedelta from fastapi import APIRouter, Depends, HTTPException, status from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm from starlette.status import HTTP_401_UNAUTHORIZED from jose import JWTError, jwt from app.settings import settings from pydantic import BaseModel from typing import List from users.models import User ALGORITHM = "HS256" ACCESS_TOKEN_EXPIRE_MINUTES = 30 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/users/token") def create_access_token(data: dict, expires_delta: timedelta | None = None) -> str: to_encode = data.copy() if expires_delta: expire = datetime.utcnow() + expires_delta else: expire = datetime.utcnow() + timedelta(minutes=15) to_encode.update({"exp": expire}) encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM) return encoded_jwt def verify_access_token(token: str) -> bool: try: payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM]) user_id: str = payload.get("sub", None) if user_id is None: return False except JWTError: return False return True async def get_current_user(token: str = Depends(oauth2_scheme)): credentials_exception = HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Could not validate credentials", headers={"WWW-Authenticate": "Bearer"}, ) try: payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM]) user_id: str = payload.get("sub", None) if user_id is None: raise credentials_exception except JWTError: raise credentials_exception user = await User.get(user_id) if user is None: raise credentials_exception return user class UserSchema(BaseModel): username: str full_name: str plain_password: str email: str class UserSerializer(BaseModel): id: str username: str class Config: orm_mode = True class UserPassVerifySchema(BaseModel): id: str plain_password: str class PasswordSerializer(BaseModel): correct_password: bool class TokenSchema(BaseModel): token: str router = APIRouter( prefix="/users", tags=["users"], ) @router.post("/", response_model=UserSerializer) async def create_user(user: UserSchema): print(user) print(type(user)) user = await User.create(**user.dict()) return user @router.get("/me", response_model=UserSerializer) async def read_users_me(current_user: User = Depends(get_current_user)): return current_user @router.post("/verify", response_model=PasswordSerializer) async def verify_user_password(user: UserPassVerifySchema): us = await User.get(id=user.id) return PasswordSerializer(correct_password=us.verify_password(user.plain_password)) @router.get("/{id}", response_model=UserSerializer) async def get_user(id: str): user = await User.get(id) return user @router.get("/", response_model=List[UserSerializer]) async def get_all_users(): users = await User.get_all() return users @router.put("/{id}", response_model=UserSerializer) async def update(id: str, user: UserSchema): user = await User.update(id, **user.dict()) return user @router.delete("/{id}", response_model=bool) async def delete_user(id: str): return await User.delete(id) @router.post("/check-login", response_model=bool) async def check_if_token_still_active(token: TokenSchema): return verify_access_token(token.token) @router.post("/token") async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()): user = await User.authenticate_user(form_data.username, form_data.password) if not user: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Incorrect username or password", headers={"WWW-Authenticate": "Bearer"}, ) access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token( data = {"sub": user.id}, expires_delta=access_token_expires ) return {"access_token": access_token, "token_type": "bearer"}